Several other Box users at my organization and I have noticed that SSO authentication does not work in Firefox. It yields a blank page after logging in through our organization’s login system instead of continuing with the authentication process. One of my colleagues was able to re-create this issue today by attempting to sign in to Box in Firefox (while trying to configure an Rclone remote). In the developer tools, the error
Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src").
is given.
This authentication issue is caused by the Box site’s Content Security Policy (CSP), which blocks inline JavaScript, paired with the reliance of the SSO page on inline JavaScript. Firefox adheres strictly to the CSP, so it does not allow the script to run. Other browsers, like Chrome and Konqueror, have no such issue (likely because they ignore this part of the CSP). It's also possible to work around this issue on Firefox by running
document.forms[0].submit();
from the console twice while on the blank page.
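
Added example, not part of the original post and not Box's code: a sketch of how the CSP rules decide whether an inline `<script>` may run, showing why a policy with only `default-src` produces the `inline ("default-src")` violation quoted above. The function names and the sample policies are constructed for illustration, and hash sources are detected but not matched against script content.

```javascript
// Parse a Content-Security-Policy header value into directive -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Decide whether an inline <script> (optionally carrying a nonce attribute)
// is allowed, and report which directive made the decision.
function inlineScriptDecision(header, scriptNonce = null) {
  const directives = parseCsp(header);
  // Fallback chain for script elements ends at default-src, which is why
  // the browser names "default-src" when no script-src is set.
  const governing = ["script-src-elem", "script-src", "default-src"]
    .find((d) => directives.has(d));
  if (!governing) return { allowed: true, directive: null };

  const sources = directives.get(governing);
  const lower = sources.map((s) => s.toLowerCase());
  // The nonce value itself is case-sensitive, so compare the raw token.
  if (scriptNonce && sources.includes(`'nonce-${scriptNonce}'`)) {
    return { allowed: true, directive: governing };
  }
  // 'unsafe-inline' is ignored once a nonce, hash or 'strict-dynamic'
  // appears in the same source list.
  const hasNonceOrHash = lower.some((s) =>
    /^'(nonce|sha256|sha384|sha512)-/.test(s));
  const allowed = lower.includes("'unsafe-inline'") &&
    !hasNonceOrHash && !lower.includes("'strict-dynamic'");
  return { allowed, directive: governing };
}

// Constructed sample policies (not the real Box header).
const samples = [
  ["default-src 'self'", null],
  ["default-src 'self'; script-src 'self' 'nonce-abc123'", "abc123"],
  ["default-src 'self'; script-src 'self' 'unsafe-inline'", null],
];
for (const [policy, nonce] of samples) {
  const r = inlineScriptDecision(policy, nonce);
  console.log(`${policy} -> allowed=${r.allowed} via ${r.directive}`);
}
```

For a login page that auto-submits a form, the usual fixes on the server side are to move the script to an external file covered by the policy or to tag the inline script with a per-response nonce, rather than adding `'unsafe-inline'`.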